Red X - Your computer is infected [CLOSED] [RESOLVED]

#1 nitabita (Member, 26 posts)
One of our home computers is infected. It moves really slowly. There's a red circle icon w/ a red X with a pop-up message that says "your computer is infected". I downloaded HijackThis from download.com but the program will not open. Please help!

Thx!
#2 Gravity Gripp (Trusted Helper, Malware Removal, 1,813 posts)
Hello nitabita, Welcome to Geeks-To-Go.

My name is Gravity Gripp and I'll be working with you on these issues. Please note that I am still in training so there may be a slight delay in my responses because I will be working with an expert on this.

However, the first thing that I would like you to do is locate the HijackThis file and rename it to something else. Make sure that you rename the actual program and not a shortcut to it. If you downloaded HJTInstall.exe from download.com, then the actual program is located at C:\Program Files\Trend Micro\HijackThis\HijackThis.exe. Find that file, right click on it, and choose Rename. Once you have renamed it, try to rerun it and post a log with your next reply.

Edited by Gravity Gripp, 04 July 2008 - 08:02 AM.

#3 nitabita (Topic Starter, Member, 26 posts)
Thanks for your help. Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:33 PM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\WinReanimator\WinReanimator.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\ms-E.exe
C:\WINDOWS\TEMP\ms-D.exe
C:\z_Drivers\svchost.exe
C:\Removal\Remove It.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinReanimator] "C:\Program Files\WinReanimator\WinReanimator.exe" /hide
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] NOT_IN_USE_DUMMY_PATH
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [SpywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [DDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [beta] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [gamma] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [DDriver] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [gamma] c:\z_Drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [DriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DriverCheck] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [beta] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DriverLoad] (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: cru629.dat
O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\TOTREC~1\LOCALS~1\Temp\dnlsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 7279 bytes
#4 Gravity Gripp (Trusted Helper, Malware Removal, 1,813 posts)
nitabita,
Alright, it does look like you've got some problems here, but I believe that we can take care of it fairly easily. Just follow these steps as I post them and we'll be good.

STEP ONE
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

STEP TWO
Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.
Post the contents of the logfile c:\windelf.txt, along with a new HijackThis log.
#5 nitabita (Topic Starter, Member, 26 posts)
OK, here are the 3 logs:

SDFIX

SDFix: Version 1.202
Run by TOTRECK FLAVORS on Fri 07/07/2006 at 11:15 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Removal\SDFix

Checking Services :

Name :
dnlsvc
msdirect

Path :
"C:\DOCUME~1\TOTREC~1\LOCALS~1\Temp\dnlsvc.exe"
\??\C:\WINDOWS\system32\msdirect.sys

dnlsvc - Deleted
msdirect - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Resetting AppInit_DLLs value


Rebooting


Infected beep.sys Found!

beep.sys File Locations:

"C:\WINDOWS\system32\dllcache\beep.sys" 32256 05/23/2006 07:31 AM
"C:\WINDOWS\system32\drivers\beep.sys" 32256 05/23/2006 07:31 AM

Infected File Listed Below:

C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys

File copied to Backups Folder
Attempting to replace beep.sys with original version


Original beep.sys Restored

"C:\WINDOWS\system32\dllcache\beep.sys" 4224 07/06/2008 03:18 PM
"C:\WINDOWS\system32\drivers\beep.sys" 4224 07/06/2008 03:18 PM



Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Start Menu\Programs\WinReanimator\Uninstall.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\WinReanimator\WinReanimator.lnk - Deleted
C:\Documents and Settings\All Users\Desktop\WinReanimator.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\WinReanimator\WinReanimator.lnk - Deleted
C:\WINDOWS\system32\msdirect.sys - Deleted
C:\WINDOWS\Temp\ms-1.exe - Deleted
C:\WINDOWS\Temp\ms-10.exe - Deleted
C:\WINDOWS\Temp\ms-11.exe - Deleted
C:\WINDOWS\Temp\ms-12.exe - Deleted
C:\WINDOWS\Temp\ms-13.exe - Deleted
C:\WINDOWS\Temp\ms-14.exe - Deleted
C:\WINDOWS\Temp\ms-15.exe - Deleted
C:\WINDOWS\Temp\ms-16.exe - Deleted
C:\WINDOWS\Temp\ms-17.exe - Deleted
C:\WINDOWS\Temp\ms-18.exe - Deleted
C:\WINDOWS\Temp\ms-19.exe - Deleted
C:\WINDOWS\Temp\ms-1A.exe - Deleted
C:\WINDOWS\Temp\ms-1B.exe - Deleted
C:\WINDOWS\Temp\ms-1C.exe - Deleted
C:\WINDOWS\Temp\ms-1D.exe - Deleted
C:\WINDOWS\Temp\ms-1E.exe - Deleted
C:\WINDOWS\Temp\ms-1F.exe - Deleted
C:\WINDOWS\Temp\ms-2.exe - Deleted
C:\WINDOWS\Temp\ms-20.exe - Deleted
C:\WINDOWS\Temp\ms-21.exe - Deleted
C:\WINDOWS\Temp\ms-22.exe - Deleted
C:\WINDOWS\Temp\ms-23.exe - Deleted
C:\WINDOWS\Temp\ms-24.exe - Deleted
C:\WINDOWS\Temp\ms-26.exe - Deleted
C:\WINDOWS\Temp\ms-27.exe - Deleted
C:\WINDOWS\Temp\ms-28.exe - Deleted
C:\WINDOWS\Temp\ms-29.exe - Deleted
C:\WINDOWS\Temp\ms-2A.exe - Deleted
C:\WINDOWS\Temp\ms-2B.exe - Deleted
C:\WINDOWS\Temp\ms-2C.exe - Deleted
C:\WINDOWS\Temp\ms-2D.exe - Deleted
C:\WINDOWS\Temp\ms-2E.exe - Deleted
C:\WINDOWS\Temp\ms-2F.exe - Deleted
C:\WINDOWS\Temp\ms-30.exe - Deleted
C:\WINDOWS\Temp\ms-31.exe - Deleted
C:\WINDOWS\Temp\ms-32.exe - Deleted
C:\WINDOWS\Temp\ms-33.exe - Deleted
C:\WINDOWS\Temp\ms-34.exe - Deleted
C:\WINDOWS\Temp\ms-35.exe - Deleted
C:\WINDOWS\Temp\ms-37.exe - Deleted
C:\WINDOWS\Temp\ms-3C.exe - Deleted
C:\WINDOWS\Temp\ms-3D.exe - Deleted
C:\WINDOWS\Temp\ms-3F.exe - Deleted
C:\WINDOWS\Temp\ms-4E.exe - Deleted
C:\WINDOWS\Temp\ms-50.exe - Deleted
C:\WINDOWS\Temp\ms-51.exe - Deleted
C:\WINDOWS\Temp\ms-53.exe - Deleted
C:\WINDOWS\Temp\ms-60.exe - Deleted
C:\WINDOWS\Temp\ms-61.exe - Deleted
C:\WINDOWS\Temp\ms-68.exe - Deleted
C:\WINDOWS\Temp\ms-69.exe - Deleted
C:\WINDOWS\Temp\ms-6B.exe - Deleted
C:\WINDOWS\Temp\ms-6D.exe - Deleted
C:\WINDOWS\Temp\ms-71.exe - Deleted
C:\WINDOWS\Temp\ms-7E.exe - Deleted
C:\WINDOWS\Temp\ms-80.exe - Deleted
C:\WINDOWS\Temp\ms-85.exe - Deleted
C:\WINDOWS\Temp\ms-86.exe - Deleted
C:\WINDOWS\Temp\ms-87.exe - Deleted
C:\WINDOWS\Temp\ms-88.exe - Deleted
C:\WINDOWS\Temp\ms-D.exe - Deleted
C:\WINDOWS\Temp\ms-E.exe - Deleted
C:\WINDOWS\Temp\ms-F.exe - Deleted
C:\Program Files\WinReanimator\htmlayout.dll - Deleted
C:\Program Files\WinReanimator\install.exe - Deleted
C:\Program Files\WinReanimator\pthreadVC2.dll - Deleted
C:\Program Files\WinReanimator\un.ico - Deleted
C:\Program Files\WinReanimator\unzip32.dll - Deleted
C:\Program Files\WinReanimator\WinReanimator.cfg - Deleted
C:\Program Files\WinReanimator\WinReanimator.dll - Deleted
C:\Program Files\WinReanimator\WinReanimator.exe - Deleted
C:\Program Files\WinReanimator\data\daily.cvd - Deleted
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest - Deleted
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcm80.dll - Deleted
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcp80.dll - Deleted
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcr80.dll - Deleted
C:\DOCUME~1\TOTREC~1\LOCALS~1\Temp\Binaries1.zip - Deleted
C:\WINDOWS\braviax.exe - Deleted
C:\WINDOWS\cru629.dat - Deleted
C:\WINDOWS\system32\braviax.exe - Deleted
C:\WINDOWS\system32\cru629.dat - Deleted
C:\WINDOWS\system32\univrs32.dat - Deleted
C:\WINDOWS\system32\winivstr.exe - Deleted



Folder C:\Documents and Settings\All Users\Start Menu\Programs\WinReanimator - Removed
Folder C:\Program Files\WinReanimator - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2006-07-07 11:35:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"

Remaining Files :


File Backups: - C:\Removal\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 16 Mar 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\573bf64c61e63a82e837c932e348b15c\BIT20.tmp"
Fri 8 Jul 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Fri 8 Jul 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"

Finished!

WINDELF
WIN32DELFKIL LOGFILE - by Marckie


version 3.131
Fri 07/07/2006 12:36:56.60
running from: "C:\Documents and Settings\TOTRECK FLAVORS\Desktop"


--- File(s) found in Windows directory ---

--- File(s) found in system32 folder ---

--- Services ---

--- Export SharedTaskScheduler key ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


--- Notify key ---


--- rebooting the computer ---


--- File(s) found in Windows directory ---

--- File(s) found in system32 folder ---

--- Services ---

--- Export SharedTaskSchedulerkey ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"



--- Notify key ---

Finished!

HIJACK THIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:28 PM, on 7/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\z_Drivers\svchost.exe
C:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Documents and Settings\TOTRECK FLAVORS\Desktop\Dowload.exe
C:\WINDOWS\system32\wuauclt.exe
C:\z_Drivers\svchost.exe
C:\Removal\Remove It.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe
C:\z_Drivers\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] NOT_IN_USE_DUMMY_PATH
O4 - HKCU\..\Run: [SpywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [beta] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [gamma] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [CDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [DDriver] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [DDriver] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [gamma] c:\z_Drivers\svchost.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 6355 bytes
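The two HijackThis logs in this thread (#3 before SDFix, #5 after) are what the helper is reading, but the thread never spells out which patterns give the infection away: svchost.exe running from C:\z_Drivers instead of System32, the same binary registered under five different Run value names and under Policies\Explorer\Run, a non-empty AppInit_DLLs line, executables running from a Temp directory, and a service with no vendor information whose binary lives in a Temp folder. Below is an added example, written for this page and not code from the thread, from Geeks to Go or from Trend Micro HijackThis, that encodes those checks and compares a before/after log pair. The sample log text is a constructed subset of the lines posted in #3 and #5, and the heuristics are assumptions of mine rather than anything HijackThis itself does.

```python
"""Triage HijackThis logs for the persistence patterns seen in this thread and
compare a before/after pair to see what survived a cleanup pass.  Added
example, not code from the thread or from Trend Micro HijackThis; the
heuristics are the editor's own assumptions, not HijackThis logic."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (reason, offending log line or binary path)
SYSTEM32_SVCHOST = r"c:\windows\system32\svchost.exe"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<target>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r'^"?(?P<p>.*?\.(?:exe|dll|sys|dat|com|bat))"?', re.I)


def _exe_path(target: str) -> str:
    """Binary path from an O4 target: strip quotes, arguments and the trailing
    (User '...') annotation; returns '' when the value has no target at all."""
    target = re.sub(r"\s*\(User '[^']*'\)\s*$", "", target).strip()
    m = EXE_RE.match(target)
    return (m["p"] if m else target).lower()


def triage(log_text: str) -> List[Finding]:
    """Return de-duplicated (reason, line) findings for one HijackThis log."""
    findings: List[Finding] = []
    run_names = defaultdict(set)  # binary path -> Run value names pointing at it
    in_processes = False
    for line in (raw.rstrip() for raw in log_text.splitlines()):
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:  # blank line closes the process list
                in_processes = False
                continue
            p = line.lower()
            if p.endswith("\\svchost.exe") and p != SYSTEM32_SVCHOST:
                findings.append(("svchost.exe running outside System32", line))
            if "\\temp\\" in p:
                findings.append(("executable running from a Temp directory", line))
            continue
        m = O4_RE.match(line)
        if m:
            exe = _exe_path(m["target"])
            if not exe:  # e.g. O4 - HKUS\S-1-5-18\..\Run: [DriverLoad] (User 'SYSTEM')
                continue
            run_names[exe].add(m["name"])
            if "policies\\explorer\\run" in m["hive"].lower():
                findings.append(("autorun under Policies\\Explorer\\Run", line))
            if "\\" not in exe and exe.endswith((".exe", ".dll")):
                findings.append(("autorun target is a bare filename, review manually", line))
            continue
        if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(("AppInit_DLLs set, DLL injected into every user32 process", line))
            continue
        m = O23_RE.match(line)
        if m and m["owner"].lower() == "unknown owner" and "\\temp\\" in m["path"].lower():
            findings.append(("service without vendor info running from a Temp directory", line))
    for exe, names in run_names.items():
        if len(names) >= 3:
            findings.append(("same binary registered under several Run names", exe))
    return list(dict.fromkeys(findings))  # keep first-seen order, drop repeats


def compare(before: str, after: str) -> Dict[str, List[Finding]]:
    """Bucket findings as removed by the cleanup, persisted, or newly appeared."""
    b, a = set(triage(before)), set(triage(after))
    return {"removed": sorted(b - a), "persisted": sorted(b & a), "new": sorted(a - b)}


# Constructed subsets of the logs posted in #3 (before SDFix) and #5 (after).
BEFORE_LOG = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\ms-E.exe
C:\z_Drivers\svchost.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [CDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\z_Drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\z_Drivers\svchost.exe (User 'SYSTEM')
O20 - AppInit_DLLs: cru629.dat
O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\TOTREC~1\LOCALS~1\Temp\dnlsvc.exe
"""
AFTER_LOG = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\z_Drivers\svchost.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\z_Drivers\svchost.exe
"""

if __name__ == "__main__":
    for bucket, items in compare(BEFORE_LOG, AFTER_LOG).items():
        print(bucket, *(f"[{why}] {what}" for why, what in items), sep="\n  ")
```

On the constructed pair, the "removed" bucket holds the Temp-resident ms-E.exe, the bare braviax.exe autorun, the AppInit_DLLs line and the dnlsvc service, which is what the SDFix report in #5 deleted; the "persisted" bucket holds the C:\z_Drivers\svchost.exe process and its Run values, the items the next reply goes after with OTMoveIt. On the full logs the bare-filename check also fires on legitimate entries such as CTHELPER.EXE and MIDIDef.exe, which is why that reason is worded as a manual-review item rather than a verdict: a Run value with no directory is resolved through the search path and has to be located by hand before it can be judged.
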
#6 Gravity Gripp (Trusted Helper, Malware Removal, 1,813 posts)
nitabita, we're definitely on the right road. Let's continue to get rid of the nasties.

STEP ONE
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

STEP TWO
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

SpywareStop

Please note any other programs that you don't recognize in that list in your next response.


STEP THREE
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\z_Drivers
    C:\Documents and Settings\TOTRECK FLAVORS\Desktop\Dowload.exe
    C:\Removal
    C:\Program Files\SpywareStop
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\CDriver
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\DDriver
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\alpha
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\beta
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\gamma
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\CDriver
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DDriver
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\gamma
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\beta
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\alpha
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP FOUR

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Logs To Provide In Your Next Post:
  • OTMoveIt2 Log
  • Deckards System Scanner Log

Edited by Gravity Gripp, 08 July 2008 - 04:41 AM.

#7 nitabita (Topic Starter, Member, 26 posts)
OTMoveIt log

Folder move failed. C:\z_Drivers scheduled to be moved on reboot.
C:\Documents and Settings\TOTRECK FLAVORS\Desktop\Dowload.exe moved successfully.
C:\Removal\SDFix\backups moved successfully.
C:\Removal\SDFix\apps\Replace\xp moved successfully.
C:\Removal\SDFix\apps\Replace\w2k moved successfully.
C:\Removal\SDFix\apps\Replace moved successfully.
C:\Removal\SDFix\apps moved successfully.
C:\Removal\SDFix moved successfully.
C:\Removal moved successfully.
File/Folder C:\Program Files\SpywareStop not found.
< HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\CDriver >
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\CDriver deleted successfully.
< HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\DDriver >
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\DDriver deleted successfully.
< HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\alpha >
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\alpha deleted successfully.
< HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\beta >
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\beta deleted successfully.
< HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\gamma >
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\gamma deleted successfully.
< HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\CDriver >
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\CDriver deleted successfully.
< HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DDriver >
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DDriver deleted successfully.
< HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\gamma >
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\gamma deleted successfully.
< HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\beta >
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\beta deleted successfully.
< HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\alpha >
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\alpha deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07092006_212204

Files moved on Reboot...
C:\z_Drivers moved successfully.

Main.txt
Deckard's System Scanner v20071014.68
Run by TOTRECK FLAVORS on 2006-07-09 21:28:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
65: 2006-07-10 02:28:53 UTC - RP889 - Deckard's System Scanner Restore Point
64: 2006-07-10 01:52:49 UTC - RP888 - Removed SpywareStop
63: 2006-07-07 04:27:18 UTC - RP887 - System Checkpoint
62: 2006-07-04 14:35:24 UTC - RP886 - System Checkpoint
61: 2006-06-30 22:52:52 UTC - RP885 - System Checkpoint


-- First Restore Point --
1: 2006-04-09 00:10:13 UTC - RP825 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as TOTRECK FLAVORS.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:32 PM, on 7/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\TOTRECK FLAVORS\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\TOTRECK FLAVORS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] NOT_IN_USE_DUMMY_PATH
O4 - HKCU\..\Run: [SpywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 4694 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
R3 SynasUSB - c:\windows\system32\drivers\synasusb.sys <Not Verified; Syncrosoft GmbH; USB protection device>

S3 catchme - c:\docume~1\totrec~1\locals~1\temp\catchme.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2006-07-09 20:36:26 516 --a------ C:\WINDOWS\Tasks\SpywareStop Scheduled Scan.job


-- Files created between 2006-06-09 and 2006-07-09 -----------------------------

2007-06-07 08:20:36 0 d-------- C:\WINDOWS\system32\PreInstall
2007-06-06 21:55:47 0 d-------- C:\Program Files\Steinberg
2007-06-06 21:55:47 0 d-------- C:\Documents and Settings\TOTRECK FLAVORS\Application Data\EmuPatchMixDSP
2006-11-23 11:27:49 0 d-------- C:\Documents and Settings\TOTRECK FLAVORS\Application Data\Syntrillium
2006-11-22 22:11:39 0 d-------- C:\Documents and Settings\TOTRECK FLAVORS\Application Data\AdobeUM
2006-11-22 22:11:13 0 d-------- C:\Documents and Settings\TOTRECK FLAVORS\Application Data\Adobe
2006-11-22 22:11:10 0 d-------- C:\Program Files\Common Files\Adobe
2006-11-22 20:11:09 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2006-11-22 20:09:00 0 d-------- C:\Program Files\Image-Line
2006-09-12 17:51:42 1245184 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP 2>
2006-07-09 21:31:21 0 d-------- C:\Program Files\Trend Micro
2006-07-07 12:36:56 0 d-------- C:\_backupD
2006-07-07 12:36:49 16384 --a------ C:\WINDOWS\system32\restart.exe <Not Verified; WareSoft Software; restart>
2006-07-07 12:36:49 90112 --a------ C:\WINDOWS\system32\regdacl.exe <Not Verified; Frank Heyne Software; RegTools>
2006-07-07 12:36:49 4096 --a------ C:\WINDOWS\system32\reboot.exe
2006-07-07 12:36:49 53248 --a------ C:\WINDOWS\system32\process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2006-07-07 12:36:49 280286 --a------ C:\win32delfkil.exe <WIN32D~1.EXE> <Not Verified; Marckie; >
2006-07-07 12:36:48 0 d-------- C:\WINDOWS\system32\regdacl
2006-07-07 11:19:08 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2006-07-07 11:08:49 0 d-------- C:\WINDOWS\ERUNT
2006-06-28 12:57:05 980 --a------ C:\0xf9.exe


-- Find3M Report ---------------------------------------------------------------

2007-06-06 22:01:26 233472 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2006-11-23 10:09:03 0 d-------- C:\Documents and Settings\TOTRECK FLAVORS\Application Data\Jasc Software Inc
2006-07-09 21:25:57 0 d-------- C:\Program Files\McAfee.com
2006-07-07 12:32:49 0 d-------- C:\Documents and Settings\TOTRECK FLAVORS\Application Data\McAfee.com Personal Firewall
2006-05-13 19:38:57 0 d-------- C:\Documents and Settings\TOTRECK FLAVORS\Application Data\SpywareStop
2006-05-13 08:31:12 11444 --a------ C:\WINDOWS\axobax.vbs
2006-05-13 08:31:12 16081 --a------ C:\Documents and Settings\TOTRECK FLAVORS\Application Data\epukepufa.lib
2006-05-13 08:31:11 16985 --a------ C:\WINDOWS\yboh.bat
2006-05-13 08:31:11 12370 --a------ C:\Documents and Settings\TOTRECK FLAVORS\Application Data\ywono.sys
2006-05-13 08:31:10 18188 --a------ C:\WINDOWS\system32\merode.exe
2006-05-13 08:31:10 16946 --a------ C:\Documents and Settings\TOTRECK FLAVORS\Application Data\yxesoza.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 01:05 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 01:02 AM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/01/2005 10:20 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [05/04/2005 06:21 PM]
"CTHelper"="CTHELPER.EXE" [10/22/2005 11:00 AM C:\WINDOWS\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [10/10/1999 08:00 PM]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 05:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [07/19/2004 07:51 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"SetDefaultMIDI"="MIDIDef.exe" [10/22/2005 10:46 AM C:\WINDOWS\MIDIDEF.EXE]
"Philips Intelligent Agent"="NOT_IN_USE_DUMMY_PATH" []
"SpywareStop"="C:\Program Files\SpywareStop\SpywareStop.exe" []
"DriverLoad"="" []
"DriverCheck"="" []
"SystemDriverLoad"="" []
"SystemDriver"="" []
"FDriver"="" []
"ADriver"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"DriverLoad"=
"DriverCheck"=
"SystemDriverLoad"=
"Winhost"=
"Winhost1"=
"Winhost2"=
"Winhost3"=
"Winhost4"=
"SystemDriver"=
"FDriver"=
"ADriver"=




-- End of Deckard's System Scanner: finished at 2006-07-09 21:32:27 ------------

Extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.60GHz
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 254 MiB / 82.75 MiB
Pagefile Memory (total/avail): 625.02 MiB / 462.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.35 MiB

C: is Fixed (NTFS) - 70.95 GiB total, 25.23 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is Removable (FAT)

\\.\PHYSICALDRIVE0 - ST380011A - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 70.95 GiB - C:
\PARTITION2 - Unknown - 3.51 GiB

\\.\PHYSICALDRIVE1 - USB 2.0 Flash Disk USB Device - 1929.68 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 1934.98 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\TOTRECK FLAVORS\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=IMFAMESTUDIOS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\TOTRECK FLAVORS
LOGONSERVER=\\IMFAMESTUDIOS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TOTREC~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\TOTREC~1\LOCALS~1\Temp
USERDOMAIN=IMFAMESTUDIOS
USERNAME=TOTRECK FLAVORS
USERPROFILE=C:\Documents and Settings\TOTRECK FLAVORS
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

TOTRECK FLAVORS (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Professional\Drivers\Program\Setup.exe" /S /U /W
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5633D266-6BAE-41CE-987F-0FE5F5F92D64}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support 5.0.0 (630) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
Digital Audio System --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6ACBC6E4-03D0-422E-A0CA-3BA1A8EF8374}\SETUP.EXE" -l0x9 /remove
E-MU PatchMix DSP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5633D266-6BAE-41CE-987F-0FE5F5F92D64}\setup.exe" -l0x9 /remove
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
FL Studio 6 --> C:\Program Files\Image-Line\FL Studio 6\uninstall.exe
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
HijackThis 2.0.2 --> "C:\Removal\HijackThis.exe" /uninstall
Intel A/V Codecs V2.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2005-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{523E6F2A-2D59-4D91-90E8-6C49931C9F50}
Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
MAGIX music studio 7 --> C:\MAGIX\ms7\unwise.exe C:\MAGIX\ms7\INSTALL.LOG
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
My Way Search Assistant --> rundll32 C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll,O
Nero 7 Essentials --> MsiExec.exe /I{6FFBEAEA-312A-4C3F-AE8A-87E0ABA51033}
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Philips Intelligent Agent --> "C:\Program Files\Philips Intelligent Agent\Uninst\unins000.exe"
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steinberg Cubase SE 3 --> "C:\Program Files\Steinberg\Cubase SE 3\Uninstall.exe" "C:\Program Files\Steinberg\Cubase SE 3\install.log"
Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}


-- Application Event Log -------------------------------------------------------

Event Record #/Type4707 / Warning
Event Submitted/Written: 07/09/2006 09:25:08 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type4706 / Warning
Event Submitted/Written: 07/09/2006 09:25:08 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type4702 / Warning
Event Submitted/Written: 07/09/2006 09:11:42 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type4701 / Warning
Event Submitted/Written: 07/09/2006 09:11:42 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type4697 / Warning
Event Submitted/Written: 07/09/2006 08:36:49 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type17744 / Warning
Event Submitted/Written: 07/09/2006 09:13:23 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type17713 / Error
Event Submitted/Written: 07/09/2006 08:53:32 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type17710 / Error
Event Submitted/Written: 07/09/2006 08:53:31 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type17707 / Error
Event Submitted/Written: 07/09/2006 08:53:31 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type17704 / Error
Event Submitted/Written: 07/09/2006 08:53:31 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2006-07-09 21:32:27 ------------
  • 0

#8
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
nitabita, just a little more :)

STEP ONE
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\SpywareStop
    C:\0xf9.exe
    C:\WINDOWS\axobax.vbs
    C:\Documents and Settings\TOTRECK FLAVORS\Application Data\epukepufa.lib
    C:\WINDOWS\yboh.bat
    C:\Documents and Settings\TOTRECK FLAVORS\Application Data\ywono.sys
    C:\WINDOWS\system32\merode.exe
    C:\Documents and Settings\TOTRECK FLAVORS\Application Data\yxesoza.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DriverLoad
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DriverCheck
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SystemDriverLoad
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SystemDriver
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\FDriver
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ADriver
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpywareStop
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\DriverLoad
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\SystemDriverLoad
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\DriverCheck
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost1
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost2
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost3
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost4
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\SystemDriver
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\FDriver
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\ADriver
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP TWO
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u6-windows-i586-p.exe and select "Run as an Administrator.")

STEP THREE
Disable Windows Internal Firewall
  • Go to Start->Run
  • Type "netsh firewall set opmode disable" into the box without the quotes and hit Ok.
  • You will see a black screen popup and then disappear, this is normal.

Please provide the following logs in your next reply:
  • OTMoveIt2 Log
  • Deckard's System Scanner Log

  • 0

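One way to build a review list like the one in STEP ONE from the "Registry Dump" section of the DSS log, as an added example that is not code from this thread, from Deckard's System Scanner or from OTMoveIt2. It assumes only the line shapes visible in the log above: a `[key]` header, then `"name"="data" [stamp]` lines, or bare `"name"=` lines under the Policies\Explorer\Run key. The sample dump is constructed from that shape (value names copied from the log, dates are placeholders). It flags three things: anything under Policies\Explorer\Run (a policy autostart location that, in this thread, only the DSS dump listed and the HijackThis O4 section did not), values with an empty command, and values whose bracketed file timestamp is empty, which in this log coincides with targets missing from disk (the SpywareStop folder was already reported "not found"). Findings are printed in the `KEY\\ValueName` form the OTMoveIt2 list uses.

```python
"""Flag suspicious autostart entries in a DSS 'Registry Dump' section.

Added example for this thread; not part of DSS, OTMoveIt2 or HijackThis.
"""
import re
from typing import List, Tuple

# Constructed sample mirroring the dump shape in the log above.
# Value names are taken from that log; the dates are placeholders.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 01:05 AM]
"NWEReboot"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"SpywareStop"="C:\Program Files\SpywareStop\SpywareStop.exe" []
"DriverLoad"="" []
"FDriver"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"DriverLoad"=
"Winhost"=
"""

KEY_RE = re.compile(r'^\[(.+)\]\s*$')
# "name"="data" [stamp]   or   "name"=   (policy key style, no data shown)
VALUE_RE = re.compile(r'^"([^"]+)"=(?:"([^"]*)")?(?:\s*\[([^\]]*)\])?\s*$')


def parse_registry_dump(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (key, name, data, stamp) for every value line under a [key] header."""
    entries = []
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, data, stamp = m.group(1), m.group(2) or "", m.group(3) or ""
            entries.append((key, name, data, stamp))
    return entries


def suspicious_autostarts(text: str) -> List[Tuple[str, str]]:
    """Return (OTMoveIt2-style path, reason) for entries worth reviewing.

    Heuristics (assumptions drawn from this thread's log, not DSS documentation):
      * the Policies\Explorer\Run key is a less visible autostart location;
      * an empty command string launches nothing but marks a key something wrote to;
      * an empty [] timestamp coincided with targets absent from disk in this log.
    """
    findings = []
    for key, name, data, stamp in parse_registry_dump(text):
        reasons = []
        if "policies\\explorer\\run" in key.lower():
            reasons.append("policy autostart key")
        if data == "":
            reasons.append("empty command")
        elif stamp == "":
            reasons.append("target not found at scan time")
        if reasons:
            # OTMoveIt2 separates key path and value name with a double backslash.
            findings.append((f"{key}\\\\{name}", ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    for path, why in suspicious_autostarts(SAMPLE_DUMP):
        print(f"{path}    <- {why}")
```

The output is a review list, not a removal list: `NWEReboot` is a Nero leftover with an empty command, and the helper above rightly left it alone while removing the `DriverLoad`/`Winhost`-style entries. The value of the script is that it surfaces the Policies\Explorer\Run entries and the dead `SpywareStop` reference in one pass, so a reviewer can compare them against the running processes and O4 lines before deciding.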
#9
nitabita

nitabita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
move it log

File/Folder C:\Program Files\SpywareStop not found.
C:\0xf9.exe moved successfully.
C:\WINDOWS\axobax.vbs moved successfully.
C:\Documents and Settings\TOTRECK FLAVORS\Application Data\epukepufa.lib moved successfully.
C:\WINDOWS\yboh.bat moved successfully.
C:\Documents and Settings\TOTRECK FLAVORS\Application Data\ywono.sys moved successfully.
C:\WINDOWS\system32\merode.exe moved successfully.
C:\Documents and Settings\TOTRECK FLAVORS\Application Data\yxesoza.exe moved successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DriverLoad >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DriverLoad deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DriverCheck >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DriverCheck deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SystemDriverLoad >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SystemDriverLoad deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SystemDriver >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SystemDriver deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\FDriver >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\FDriver deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ADriver >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ADriver deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpywareStop >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpywareStop deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\DriverLoad >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\DriverLoad deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\SystemDriverLoad >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\SystemDriverLoad deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\DriverCheck >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\DriverCheck deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost1 >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost1 deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost2 >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost2 deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost3 >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost3 deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost4 >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost4 deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\SystemDriver >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\SystemDriver deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\FDriver >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\FDriver deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\ADriver >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\ADriver deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07102006_225339

DSS log
Deckard's System Scanner v20071014.68
Run by TOTRECK FLAVORS on 2006-07-10 23:08:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as TOTRECK FLAVORS.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:16 PM, on 7/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\TOTRECK FLAVORS\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\TOTREC~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] NOT_IN_USE_DUMMY_PATH
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 4861 bytes

-- Files created between 2006-06-10 and 2006-07-10 -----------------------------

2007-06-07 08:20:36 0 d-------- C:\WINDOWS\system32\PreInstall
2007-06-06 21:55:47 0 d-------- C:\Program Files\Steinberg
2007-06-06 21:55:47 0 d-------- C:\Documents and Settings\TOTRECK FLAVORS\Application Data\EmuPatchMixDSP
2006-11-23 11:27:49 0 d-------- C:\Documents and Settings\TOTRECK FLAVORS\Application Data\Syntrillium
2006-11-22 22:11:39 0 d-------- C:\Documents and Settings\TOTRECK FLAVORS\Application Data\AdobeUM
2006-11-22 22:11:13 0 d-------- C:\Documents and Settings\TOTRECK FLAVORS\Application Data\Adobe
2006-11-22 22:11:10 0 d-------- C:\Program Files\Common Files\Adobe
2006-11-22 20:11:09 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2006-11-22 20:09:00 0 d-------- C:\Program Files\Image-Line
2006-09-12 17:51:42 1245184 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP 2>
2006-07-10 23:04:58 0 d-------- C:\Program Files\Java
2006-07-10 23:04:52 0 d-------- C:\Program Files\Common Files\Java
2006-07-09 21:31:21 0 d-------- C:\Program Files\Trend Micro
2006-07-07 12:36:56 0 d-------- C:\_backupD
2006-07-07 12:36:49 16384 --a------ C:\WINDOWS\system32\restart.exe <Not Verified; WareSoft Software; restart>
2006-07-07 12:36:49 90112 --a------ C:\WINDOWS\system32\regdacl.exe <Not Verified; Frank Heyne Software; RegTools>
2006-07-07 12:36:49 4096 --a------ C:\WINDOWS\system32\reboot.exe
2006-07-07 12:36:49 53248 --a------ C:\WINDOWS\system32\process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2006-07-07 12:36:49 280286 --a------ C:\win32delfkil.exe <WIN32D~1.EXE> <Not Verified; Marckie; >
2006-07-07 12:36:48 0 d-------- C:\WINDOWS\system32\regdacl
2006-07-07 11:19:08 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2006-07-07 11:08:49 0 d-------- C:\WINDOWS\ERUNT


-- Find3M Report ---------------------------------------------------------------

2007-06-06 22:01:26 233472 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2006-11-23 10:09:03 0 d-------- C:\Documents and Settings\TOTRECK FLAVORS\Application Data\Jasc Software Inc
2006-07-10 23:04:52 0 d-------- C:\Program Files\Common Files
2006-07-09 21:25:57 0 d-------- C:\Program Files\McAfee.com
2006-07-07 12:32:49 0 d-------- C:\Documents and Settings\TOTRECK FLAVORS\Application Data\McAfee.com Personal Firewall
2006-05-13 19:38:57 0 d-------- C:\Documents and Settings\TOTRECK FLAVORS\Application Data\SpywareStop


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 01:05 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 01:02 AM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/01/2005 10:20 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [05/04/2005 06:21 PM]
"CTHelper"="CTHELPER.EXE" [10/22/2005 11:00 AM C:\WINDOWS\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [10/10/1999 08:00 PM]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 05:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [07/19/2004 07:51 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"SetDefaultMIDI"="MIDIDef.exe" [10/22/2005 10:46 AM C:\WINDOWS\MIDIDEF.EXE]
"Philips Intelligent Agent"="NOT_IN_USE_DUMMY_PATH" []




-- End of Deckard's System Scanner: finished at 2006-07-10 23:08:47 ------------
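The OTMoveIt2 log above is more useful than a list of "moved successfully" lines: it records where the dropper planted its files (drive root, the Windows directory, system32 and the user's Application Data) and that it registered the same value names under both the per-user Run key and the machine-wide HKLM\...\Policies\Explorer\Run key, so cleaning one hive alone would have left it starting at logon. The script below is an added example, not code from the thread or from OldTimer's tool; it parses that log format into a persistence map and lists the value names that were planted in more than one autostart location. The three line patterns, the location buckets and the sample (a constructed subset of the log posted above) are this example's own assumptions.

```python
"""Turn an OTMoveIt2 cleanup log into a persistence map (added example)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the OTMoveIt2 log posted in the thread.
SAMPLE_LOG = r"""
File/Folder C:\Program Files\SpywareStop not found.
C:\0xf9.exe moved successfully.
C:\WINDOWS\axobax.vbs moved successfully.
C:\Documents and Settings\TOTRECK FLAVORS\Application Data\yxesoza.exe moved successfully.
C:\WINDOWS\system32\merode.exe moved successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DriverLoad >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DriverLoad deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpywareStop >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpywareStop deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\DriverLoad >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\DriverLoad deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost1 >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run\\Winhost1 deleted successfully.
"""

# Assumed line shapes, taken from the log as posted.
MOVED = re.compile(r"^(?P<path>.+?) moved successfully\.$")
NOT_FOUND = re.compile(r"^File/Folder (?P<path>.+?) not found\.$")
# OTMoveIt2 separates the key from the value name with a doubled backslash.
REG_DELETED = re.compile(
    r"^Registry value (?P<key>.+?)\\\\(?P<value>[^\\]+) deleted successfully\.$")


def classify_file(path: str) -> str:
    """Bucket a dropped file by where it was planted (XP layout assumed)."""
    p = path.lower()
    if "\\application data\\" in p:
        return "user Application Data"
    if "\\windows\\system32\\" in p:
        return "system32"
    if "\\windows\\" in p:
        return "Windows directory"
    if re.fullmatch(r"[a-z]:\\[^\\]+", p):
        return "drive root"
    return "other"


def classify_key(key: str) -> str:
    """Name the autostart location a deleted registry value lived in."""
    k = key.lower()
    if "\\policies\\explorer\\run" in k:
        return "HKLM Policies\\Explorer\\Run (machine-wide, policy-driven)"
    if k.startswith("hkey_current_user") and k.endswith("\\run"):
        return "HKCU ...\\CurrentVersion\\Run (per-user)"
    return key


def parse_otmoveit_log(text: str) -> dict:
    """Return moved files, items that were already gone, and deleted autostart values."""
    result = {"moved": [], "not_found": [], "autostart": defaultdict(list)}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("<"):  # echo of the instruction line, not a result
            continue
        if m := NOT_FOUND.match(line):
            result["not_found"].append(m["path"])
        elif m := REG_DELETED.match(line):
            result["autostart"][classify_key(m["key"])].append(m["value"])
        elif m := MOVED.match(line):
            result["moved"].append((m["path"], classify_file(m["path"])))
    result["autostart"] = dict(result["autostart"])
    return result


def names_in_both_hives(result: dict) -> list:
    """Value names registered under more than one autostart key: the same
    dropper persisting redundantly, so removing one key is not enough."""
    seen = defaultdict(set)
    for location, values in result["autostart"].items():
        for v in values:
            seen[v].add(location)
    return sorted(v for v, locs in seen.items() if len(locs) > 1)


if __name__ == "__main__":
    r = parse_otmoveit_log(SAMPLE_LOG)
    for location, values in r["autostart"].items():
        print(f"{location}: {', '.join(values)}")
    for path, bucket in r["moved"]:
        print(f"[{bucket}] {path}")
    print("already gone:", r["not_found"])
    print("planted in more than one hive:", names_in_both_hives(r))
```

Run against the full log in the post, the same code reports DriverLoad, DriverCheck, SystemDriverLoad, SystemDriver, FDriver and ADriver as present in both hives, with SpywareStop only in HKCU and the Winhost* names only under the policy key.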

#10
Gravity Gripp (Trusted Helper, Malware Removal)
nitabita, a couple more things here.

STEP ONE
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

My Way Search Assistant

Please note any other programs that you don't recognize in that list in your next response.

After that, Reboot.

STEP TWO
Please do an online scan with Kaspersky WebScanner

Click on Accept.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK.
  • Now, under Select a target to scan, select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display whether your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

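The two entries the helper picked out of the HijackThis log in the previous post have a recognisable shape: an unnamed URLSearchHook (R3) and an unnamed BHO (O2) that load the same DLL, plus an orphaned toolbar (O3) whose file is already gone. The script below is an added example, not code from the thread or from Trend Micro's HijackThis; it parses R3/O2/O3/O4 lines and scores each one by those heuristics, with bare-filename O4 entries (resolved through the search path at logon, like CTHELPER.EXE in the log) marked for review. The regexes, the verdict rules and the sample (a constructed subset of the log posted above) are this example's assumptions. "(no name)" is also used by legitimate components, for instance the Java O9 button in the same log, so a verdict is a prompt to look, not a finding.

```python
"""Triage HijackThis R3/O2/O3/O4 lines (added example)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis log posted earlier in the thread.
SAMPLE_HJT = r"""
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
"""

# Assumed line shapes, taken from the log as posted.
COM_ENTRY = re.compile(
    r"^(?P<section>R3|O2|O3) - [^:]+: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
RUN_ENTRY = re.compile(r"^(?P<section>O4) - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<command>.*)$")


def parse_hjt(text: str) -> list:
    """Return one dict per recognised line (other sections are ignored)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = COM_ENTRY.match(line) or RUN_ENTRY.match(line)
        if m:
            entry = m.groupdict()
            entry["line"] = line
            entries.append(entry)
    return entries


def executable_of(command: str) -> str:
    """First token of an O4 command: a quoted path or the bare first word."""
    if command.startswith('"'):
        return command.split('"')[1]
    return command.split()[0]


def triage(entries: list) -> dict:
    """Map each flagged line to (verdict, reasons).

    'fix'    = the shape of the hijacker entries the helper removed
               (orphan, or unnamed and sharing its DLL with another hook)
    'review' = resolve before judging (bare filename in an O4 command)
    """
    by_dll = defaultdict(list)  # browser hooks grouped by the file they load
    for e in entries:
        if "target" in e and e["target"] != "(no file)":
            by_dll[e["target"].lower()].append(e)

    verdicts = {}
    for e in entries:
        if "target" in e:  # R3 / O2 / O3
            reasons = []
            unnamed = e["name"] == "(no name)"
            orphan = e["target"] == "(no file)"
            siblings = [s["section"] for s in by_dll[e["target"].lower()] if s is not e]
            if unnamed:
                reasons.append("unnamed component")
            if orphan:
                reasons.append("registered but file is missing (orphan)")
            if siblings:
                reasons.append("same DLL also registered as " + ", ".join(siblings))
            if orphan or (unnamed and siblings):
                verdicts[e["line"]] = ("fix", reasons)
            elif reasons:
                verdicts[e["line"]] = ("review", reasons)
        else:  # O4
            if "\\" not in executable_of(e["command"]):
                verdicts[e["line"]] = ("review", ["bare filename, resolved via the search path at logon"])
    return verdicts


def fix_checklist(verdicts: dict) -> list:
    """Lines to tick in HijackThis before 'Fix checked', in log order."""
    return [line for line, (verdict, _) in verdicts.items() if verdict == "fix"]


if __name__ == "__main__":
    v = triage(parse_hjt(SAMPLE_HJT))
    for line, (verdict, reasons) in v.items():
        print(f"{verdict:6} {line}\n       {'; '.join(reasons)}")
```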

#11
Rorschach112 (Retired Staff)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#12
Rorschach112 (Retired Staff)
Post the logs

#13
nitabita (Topic Starter, Member)
When I tried to remove the My Way Search Assistant, it said that the module could not be found. Here are the HijackThis and Kaspersky logs. What is WinReanimator?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:40 AM, on 7/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] NOT_IN_USE_DUMMY_PATH
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 4609 bytes


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 16, 2006 11:50:54 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/07/2008
Kaspersky Anti-Virus database records: 956074
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 68126
Number of viruses found: 16
Number of infected objects: 288
Number of suspicious objects: 0
Duration of the scan process: 01:06:59

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd001.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\TOTRECK FLAVORS\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\TOTRECK FLAVORS\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\1PG0AH2R\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\3HQ3KLIN\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\3HQ3KLIN\setup[2].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\4HMFG5Y7\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\4HMFG5Y7\setup[2].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\4HMFG5Y7\setup[3].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\4XANWLAN\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\4XANWLAN\setup[2].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\4XANWLAN\setup[3].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\7ZDBNH8W\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\8H2FGHAN\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\8H2FGHAN\setup[2].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\8H2FGHAN\setup[3].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\8RF7E059\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\8RF7E059\setup[2].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\CFXFYQBL\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\CFXFYQBL\setup[2].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\CFXFYQBL\setup[3].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\CPIVS9U7\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\CT6J4TEN\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\GDE7SHMR\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\GDE7SHMR\setup[2].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\GDE7SHMR\setup[3].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\GDE7SHMR\setup[4].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\H4OJPHWD\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\H4OJPHWD\setup[2].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\H4OJPHWD\setup[3].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\KLO1AFOX\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\KLO1AFOX\setup[2].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\KLO1AFOX\setup[3].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\MPN0L8RM\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\ODSBCV8B\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\ODSBCV8B\setup[2].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\ODSBCV8B\setup[3].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\WDUV8XI7\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\WDUV8XI7\setup[2].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\WDUV8XI7\setup[3].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\WHUB0DYN\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\WHUB0DYN\setup[2].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\Y9WF69M5\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\ZEK7Z9SX\setup[1].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\ZEK7Z9SX\setup[2].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\ZEK7Z9SX\setup[3].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\ZEK7Z9SX\setup[4].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\Local Settings\Temporary Internet Files\Content.IE5\ZEK7Z9SX\setup[5].exe Infected: not-a-virus:AdWare.Win32.E404.ea skipped
C:\Documents and Settings\TOTRECK FLAVORS\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\TOTRECK FLAVORS\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20060716-100709-965.dll Infected: not-a-virus:AdWare.Win32.MyWay.v skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP849\A0058250.exe Infected: Trojan-Downloader.Win32.FraudLoad.awr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP849\A0058251.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP849\A0058270.exe Infected: Trojan-Downloader.Win32.FraudLoad.awr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP849\A0058271.exe Infected: Trojan-Downloader.Win32.FraudLoad.awr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP851\A0058285.exe Infected: Trojan-Downloader.Win32.FraudLoad.awr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP851\A0058286.exe Infected: Trojan-Downloader.Win32.FraudLoad.awr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP851\A0058299.exe Infected: Trojan-Downloader.Win32.FraudLoad.awr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP851\A0058300.exe Infected: Trojan-Downloader.Win32.FraudLoad.awr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0058322.exe Infected: Trojan-Downloader.Win32.FraudLoad.awr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0058323.exe Infected: Trojan-Downloader.Win32.FraudLoad.awr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP854\A0058341.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.ie skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP857\A0058349.exe Infected: Trojan-Downloader.Win32.FraudLoad.awr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP857\A0058350.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP857\A0058351.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP857\A0058356.exe Infected: Trojan-Downloader.Win32.FraudLoad.awr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP857\A0058357.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP857\A0058358.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP859\A0058371.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP859\A0058372.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP861\A0058399.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP861\A0058400.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP861\A0058424.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP861\A0058425.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP862\A0058446.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP862\A0058447.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP865\A0058474.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP865\A0058475.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP870\A0058504.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP870\A0058505.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP875\A0058532.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP875\A0058533.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP876\A0059532.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP876\A0059533.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP876\A0060532.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP876\A0060533.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP877\A0061532.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP877\A0061533.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP879\A0062532.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP879\A0062533.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP879\A0062545.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP879\A0062546.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP881\A0063545.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP881\A0063546.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP881\A0063559.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP881\A0063560.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP883\A0063573.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP883\A0063574.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP883\A0064573.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP883\A0064574.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP883\A0064593.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP883\A0064594.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP883\A0064598.sys Infected: Backdoor.Win32.ForBot.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP884\A0064609.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP884\A0064610.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP884\A0064614.sys Infected: Backdoor.Win32.ForBot.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0064629.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0064630.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0064638.sys Infected: Backdoor.Win32.ForBot.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0064645.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0064646.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0064650.sys Infected: Backdoor.Win32.ForBot.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0065645.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0065646.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0065655.sys Infected: Backdoor.Win32.ForBot.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0065661.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0065662.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0065666.sys Infected: Backdoor.Win32.ForBot.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0065683.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0065684.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0065688.sys Infected: Backdoor.Win32.ForBot.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0065691.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0065692.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP885\A0065696.sys Infected: Backdoor.Win32.ForBot.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP886\A0065713.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP886\A0065714.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP886\A0065722.sys Infected: Backdoor.Win32.ForBot.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP886\A0065732.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP886\A0065733.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP886\A0065742.sys Infected: Backdoor.Win32.ForBot.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0065760.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0065761.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066760.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066761.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066764.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066768.sys Infected: Backdoor.Win32.ForBot.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066770.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066775.dll Infected: not-a-virus:FraudTool.Win32.Reanimator.d skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066776.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.b skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066781.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066789.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066790.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066792.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066794.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066795.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066796.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066797.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066798.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066799.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066800.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066801.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066802.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066803.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066804.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066805.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066806.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066807.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066808.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066809.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066810.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066811.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066812.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066813.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066814.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066815.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066816.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066817.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066818.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066819.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066820.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066821.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066822.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066823.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066824.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066825.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066826.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066827.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066828.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066829.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066830.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066831.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066832.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066833.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066834.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066835.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066836.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066837.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066838.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066839.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066840.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066841.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066842.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066843.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066844.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066845.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066846.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066847.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066848.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066849.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066850.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066851.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066852.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066853.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066854.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066855.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066856.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066857.sys Infected: Backdoor.Win32.ForBot.af skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066865.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066867.dll Infected: not-a-virus:FraudTool.Win32.Reanimator.d skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP887\A0066868.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.b skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP888\A0068941.rbf Infected: not-a-virus:FraudTool.Win32.SpywareStop.j skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP888\A0068942.rbf Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.cd skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP895\A0069189.dll Infected: not-a-virus:AdWare.Win32.MyWay.v skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP895\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{4FC00112-A7CE-4119-A8E4-FA3021C43D2C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/beep.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/Binaries1.zip/WinReanimator.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.b skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/Binaries1.zip Infected: not-a-virus:FraudTool.Win32.Reanimator.b skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/braviax.exe Infected: Trojan-Downloader.Win32.FraudLoad.afk skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/cru629.dat Infected: Backdoor.Win32.Small.cyb skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/install.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-1.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-10.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-11.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-12.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-13.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-14.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-15.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-16.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-17.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-18.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-19.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-1A.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-1B.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-1C.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-1D.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-1E.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-1F.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-2.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-20.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-21.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-22.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-23.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-24.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-26.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-27.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-28.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-29.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-2A.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-2B.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-2C.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-2D.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-2E.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-2F.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-30.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-31.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-32.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-33.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-34.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-35.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-37.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-3C.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-3D.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-3F.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-4E.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-50.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-51.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-53.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-60.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-61.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-68.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-69.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-6B.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-6D.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-71.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-7E.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-80.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-85.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-86.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-87.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-88.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-D.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-E.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/ms-F.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/msdirect.sys Infected: Backdoor.Win32.ForBot.af skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/univrs32.dat Infected: not-a-virus:AdWare.Win32.Agent.zo skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/winivstr.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/WinReanimator.dll Infected: not-a-virus:FraudTool.Win32.Reanimator.d skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip/backups/WinReanimator.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.b skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\backups.zip ZIP: infected - 74 skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\catchme.zip/beep.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\catchme.zip/beep.sys.1 Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\Removal\SDFix\backups\catchme.zip ZIP: infected - 2 skipped
C:\_OTMoveIt\MovedFiles\07092006_212204\z_Drivers\svchost.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\_OTMoveIt\MovedFiles\07102006_225339\0xf9.exe Infected: Trojan-Downloader.Win32.Tiny.bn skipped

Scan process completed.
#14
Gravity Gripp
    Trusted Helper
  • Malware Removal
  • 1,813 posts
nitabita, I believe we are almost done here. Just a couple more steps and then some cleaning up. WinReanimator is an example of a rogue security application. It basically gives false readings of your computer so that it can trick you into buying the product even though there may be nothing wrong.

STEP ONE
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

STEP TWO
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
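As an added example (not from this thread, nor from Kaspersky, SDFix or Malwarebytes), here is a small Python triage script for scan output in the same "path Infected: name skipped" shape as the log posted above: it tallies detections by category, singles out FraudTool names as rogue security software of the WinReanimator kind, and counts entries the scanner only reported rather than cleaned. The sample lines and paths are constructed, not copied from the thread.

```python
import re
from collections import Counter

# Constructed sample in the "<path> Infected: <name> <action>" shape of the
# Kaspersky scan output posted in this thread (paths are made up, not copied).
SAMPLE_LOG = r"""
C:\backups\ms-2F.exe Infected: Trojan-Clicker.Win32.Delf.lp skipped
C:\backups\msdirect.sys Infected: Backdoor.Win32.ForBot.af skipped
C:\backups\winivstr.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped
C:\backups\WinReanimator.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.b skipped
C:\backups\catchme.zip/beep.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
C:\backups\backups.zip ZIP: infected - 74 skipped
Scan process completed.
"""

LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")


def parse_detections(text):
    """Return (path, detection name, action) per file-level detection line.
    Container summaries ("ZIP: infected - N skipped") and status lines are ignored."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("name"), m.group("action")))
    return hits


def classify(name):
    """Map a Kaspersky-style detection name to a coarse triage category."""
    if name.startswith("not-a-virus:FraudTool."):
        return "rogue security software"  # fake scanner such as WinReanimator
    if name.startswith("not-a-virus:"):
        return "potentially unwanted"      # adware and similar, lower priority
    return name.split(".")[0].lower()     # Trojan-Clicker, Backdoor, Trojan-Downloader, ...


def summarize(text):
    """Tally detections by category, name the rogue-AV families seen, and count
    entries the scanner only reported ("skipped") rather than cleaned."""
    hits = parse_detections(text)
    return {
        "by_category": Counter(classify(name) for _, name, _ in hits),
        "rogue_families": sorted({name.split(".")[-2] for _, name, _ in hits
                                  if classify(name) == "rogue security software"}),
        "unresolved": sum(1 for _, _, action in hits if action == "skipped"),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A non-zero "unresolved" count is the thing to act on: "skipped" means the scanner reported the file but left it in place, which is why the helper's follow-up steps still matter after a scan like this.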
#15
nitabita
    Member
  • Topic Starter
  • Member
  • 26 posts
Here's the MBAM log:

Malwarebytes' Anti-Malware 1.20
Database version: 962
Windows 5.1.2600 Service Pack 2

8:50:38 PM 7/18/2006
mbam-log-7-18-2006 (20-50-38).txt

Scan type: Quick Scan
Objects scanned: 37858
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)